On 3/25/16, 17:17 , "openssl-users on behalf of Viktor Dukhovni"
wrote:
>>If I ask “is your passport valid”, I expect to be able to repeat this
>> question and (as long as this all is within a reasonably short time) get
>> exactly the same answer.
>
>The result of X509_verify_cert() is not just
On Fri, Mar 25, 2016 at 08:56:32PM +, Blumenthal, Uri - 0553 - MITLL wrote:
> If I ask “if your passport valid”, I expect to be able to repeat this
> question and (as long as this all is within a reasonably short time) get
> exactly the same answer.
The result of X509_verify_cert() is not jus
On 3/25/16, 16:10 , "openssl-users on behalf of Michael Wojcik"
wrote:
>>I'm sure I'm missing something obvious, but why isn't the operation
>> XXX_verify_xxx() idempotent? It seems very weird that two subsequent
>> calls to verify() wouldn't return exactly the same thing.
>
>Viktor already allu
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Blumenthal, Uri - 0553 - MITLL
> Sent: Thursday, March 24, 2016 16:37
>
> I'm sure I'm missing something obvious, but why isn't the operation
> XXX_verify_xxx() idempotent? It seems very weird that two subsequent
> cal
.
Original Message
From: Szilárd Pfeiffer
Sent: Thursday, March 24, 2016 16:21
To: openssl-users@openssl.org
Reply To: openssl-users@openssl.org
Subject: Re: [openssl-users] X509_verify_cert cannot be called twice
On 2016-03-24 19:12, Viktor Dukhovni wrote:
>> On Mar 24, 2016, at 2:02 PM, DE
On 2016-03-24 19:12, Viktor Dukhovni wrote:
On Mar 24, 2016, at 2:02 PM, DEXTER wrote:
So let me get this straight.
If someone had a software where they called X509_verify_cert from
SSL_CTX_set_cert_verify_callback callback twice (to verify first with
crls, and maybe verify again without crls)
> On Mar 24, 2016, at 2:02 PM, DEXTER wrote:
>
> So let me get this straight.
> If someone had a software where they called X509_verify_cert from
> SSL_CTX_set_cert_verify_callback callback twice (to verify first with
> crls, and maybe verify again without crls) and it worked as expected,
> afte
So let me get this straight.
If someone had a software where they called X509_verify_cert from
SSL_CTX_set_cert_verify_callback callback twice (to verify first with
crls, and maybe verify again without crls) and it worked as expected,
after this patch their software is broken.
Am I right?
And the
> On Mar 24, 2016, at 1:09 PM, Szilárd Pfeiffer
> wrote:
>
> I am afraid the patch causes a serious compatibility break. In practice,
> after an OS upgrade (which upgrades OpenSSL to the patched version) each
> and every application, which calls the X509_verify_cert function
> multiple times wi
On 2016-03-24 16:17, openssl-users at dukhovni.org (Viktor Dukhovni) wrote:
>> On Mar 24, 2016, at 4:21 AM, DEXTER wrote:
>>
>> So this patch:
>> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b3b1eb5735c5b3d566a9fc3bf745bf716a29afa0
>>
>> magically made itself into ubuntu trusty's versi
> On Mar 24, 2016, at 4:21 AM, DEXTER wrote:
>
> So this patch:
> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b3b1eb5735c5b3d566a9fc3bf745bf716a29afa0
>
> magically made itself into ubuntu trusty's version of openssl in a
> security update.
>
> My question is:
>
> What is the rec
Hi!
So this patch:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b3b1eb5735c5b3d566a9fc3bf745bf716a29afa0
magically made itself into ubuntu trusty's version of openssl in a
security update.
My question is:
What is the recommended way now to call X509_verify_cert twice or
unlimited ti
12 matches
Mail list logo
